/container/mycontainer1/rootfs/tmp/newfile
- is seen under container mycontainer1 as /tmp/newfile

So host can copy a file
between 2 containers.

Within a container (once
logged in) we can only go upto / and cannot cd .. Beyond it. So one
container cannot see files of another container.

Separate namespaces for
processes -

Each lxc-start
process will spawn lxc-init process within container and it will have
pid=1 within the container but outside on the host it will not.

Network namespace -

System or OS containers vs
Application containers:

OS/System
containers - They have full OS and close to VM. Generally long running
containers. (lxc-start -n o17cont1

App containers - they are
temporary, execute one command or process and dies, they are given access
to parts of the host's root file system. Similar to JVM sandbox, OSGI
etc. (lxc-execute 0n myappcont -- ps -A) after executing the specified
command or app it will come back
to

If container messes up the
kernel it can impact the host OS but in VM the kernel is not impacted.

Docker - packages all dependencies required by
an application and packages it together and puts it into a container.

Portability - just like JVM
(all application which work within docker can be installed on any OS with
docker container support)

Much smaller than VM image

Disadv of container
-

Less secure than VM

Less isolation

Concept: Docker uses lxc (linux
containers) and so it is native to linux. On PC or MAC, we need to install
docker toolbox which uses Oracle Virtualbox to install a small Linux VM
and uses that to create docker containers.

PODA - Package once deploy
anywhere.

Docker helps in packaging an
application and all its dependencies into one image. The image creation is
defined in a dockerfile (http://docs.docker.com/engine/reference/builder/ ). Docker can parse this
file and build an image. This file can include other existing images.
Docker will first try to find the images locally and if not found then it
searches in the remote docker registry.

Docker has 3 main stages:

Build- builds a dockerfile to create an
image (images are all versioned and have a SHA id like git commit id).

Run - runs an image to
create a container

Ship - posts the image to a
repository (push/pull).

Important to understand is -
that docker container should run only one service. Anytime we have
multiple JVM processes being started within our application, think of
separating those into multiple containers so each process has its own
container. The containers can then be linked.

Docker composer - is a tool
to build applications comprising several containers. A typical example is:

Run 4 instances
of mongodb containers - say where 3 are part of a replica set and 1 is to
run the mongos router.

The above set of containers
can be defined within a docker composer yaml file or a set of yaml
definition files. SO when we say docker-composer up -d it will create the
required images and run the containers.

Docker hub:

You
can login using:

$
docker login

User:
xyz

Password:
abc

Email: myself@me.com

Install docker toolbox (for
Mac or PC only). It installs docker-machine which can be used to create a
TinyCore Linux VM where docker daemon will listen on port 2375 and provide
REST service and the docker client will be a REST cli client to the docker
daemon process in the docker host VM. Docker toolbox uses Oracle
VirtualBox to create docker host linux VM.

Docker commands:

Dokcer build
--tag sjsucohort6/esp . ---
will build an image.

Docker push [image]-- can push the image to docker hub.

Docker pull [image]-- image is analogous to a commit id

Before issuing docker pull
you must be logged in to docker hub (same as github).

Docker pull will get the [image]:latest (the latest version)

Open a shell and type:

Docker-machine
create --driver virtualbox --virtualbox-memory 8096 default -> this will
create a Linux VM named default using virtualbox. On MAC, the VM is
created in ~/.docker/machine/machines/default.

Once the VM is created we
can ssh to it by name (default in this case).

Docker-machine
ssh default
--> this will log you in to the docker host VM.

Docker pull mongo

docker run -d --name mongodb mongo -- starts
mongodb

Docker ps

$ docker run -it --link mongodb:mongo --name
mongoclient mongo sh -- create a new container mongoclient to run mongo
client. The above will use mongo image to launch a client but not run mongodb
instead will bring the shell prompt and now we can connect to the mongo host.

When we create a
link this way, docker will inject environment variables named
MONGO_PORT_27017_TCP_ADDR (will give the source container's ip address) and
MONGO_PORT_27017_TCP_PORT (will give the port exposed by the container) into
the container so the application can use these to connect to the DB service in
the parent container.

In Docker 1.9.0 and
later, docker has virtual networking support between containers so all we need
to know is the container name to connect to and docker can resolve the named
container to the ip address of the container.